I don't know how the viruses are tracked, but maybe to reduce size (ifapplicable) some of the more ancient viruses that only affect EOLoperating systems (or programs that should have long since beenpatched) could be spun-off into a separate definition file (that couldbe optionally disabled)? Seems like it would be quite a waste ofresources for most if there were like a million definitions that onlyaffected Windows XP or Office 2003 or something like that...
If you also take a peek at hashes:
Number of hashes:
36,49,543 main.hdb
23,657,708 daily.hdb
248,06,499 main.hsb
905,00,729 daily.hsb
file Size:
36,49,543 main.hdb
23,657,708 daily.hdb
24,806,499 main.hsb
905,00,729 daily.hsb
Example:
grep "130ae8f338cc705a26fa5fa635d8673a" daily.hsb
130ae8f338cc705a26fa5fa635d8673a:92160:Doc.Dropper.Agent-1453138:73
First Seen In The Wild ---> 2016-06-03 20:34:00
Last Submission ---> 2016-06-03 20:37:03
Document Name: Rotech AG_Faktur dot doc
So, is the above hash still relevant or should it moved into archived.hsb, which by default doesn't load ?
Perhaps, daily.* are hashes up to a year old, main.* for hashes two years old and everything else into archive.*
Or jsut drop document hashes over a year old ??
It's a difficult one to suit all uses of ClamAV I guess.